xmpp@conference.ietf.jabber.com - 2003/03/17

[00:33] %% es has arrived.
[04:03] %% sandeep has arrived.
[04:04] %% sandeep has left.
[04:12] %% es has left.
[09:46] %% hildjj has arrived.
[09:46] <hildjj> ?? logs
[10:18] %% bschumacher has arrived.
[10:18] <bschumacher> ?? logs
[10:19] %% bschumacher has left.
[10:29] %% kibozer has arrived.
[10:29] %% kibozer has left.
[10:30] %% kibozer has arrived.
[10:30] %% kibozer has left.
[10:30] %% kibozer has arrived.
[10:30] %% kibozer has left.
[10:41] %% es has arrived.
[10:44] %% kibozer has arrived.
[10:45] %% kibozer has left.
[10:48] %% kibozer has arrived.
[10:49] %% hildjj has left.
[10:52] %% hildjj has arrived.
[10:53] <hildjj> kibozer: yow
[10:53] <kibozer> Well, I'm on the right planet---everyone looks like me!!!
[10:53] %% hildjj has left.
[10:57] %% mass has arrived.
[12:13] <mass> /join apparea
[12:13] <mass> damn
[12:29] %% kibozer has left.
[13:40] %% es has left.
[13:43] %% mass has left.
[14:40] %% kibozer has arrived.
[14:53] %% hildjj has arrived.
[14:53] %% hildjj has left.
[15:05] %% kibozer has left.
[15:07] %% kibozer has arrived.
[15:13] %% kibozer has left.
[15:13] %% kibozer has arrived.
[15:32] %% Sean has arrived.
[15:34] %% ulieberman has arrived.
[16:05] %% ulieberman has left.
[16:08] %% seanwelsh has arrived.
[16:09] %% seanwelsh has left.
[16:25] %% mass has arrived.
[16:39] %% kibozer has left.
[16:40] <mass> ?? logs
[16:52] %% kibozer has arrived.
[17:38] %% mass has left.
[18:30] %% ghewgill has arrived.
[18:43] %% kibozer has left.
[18:43] %% kibozer has arrived.
[18:59] %% kibozer has left.
[20:13] <ghewgill> hmm, wasn't there a meeting today?
[20:25] %% fsolensky has arrived.
[20:26] %% fsolensky has left.
[20:33] %% mass has arrived.
[20:34] * mass idles for a bit
[20:48] %% es has arrived.
[20:48] %% rjs3 has arrived.
[20:48] %% hartmans has arrived.
[20:51] %% jhutz has arrived.
[20:52] %% mrose has arrived.
[20:57] %% hardie has arrived.
[20:57] %% lisaDusseault has arrived.
[20:57] <lisaDusseault> We're getting a laptop booted IRL here.
[20:58] <mrose> Lisa: Agenda
1930 - Agenda-bashing, find note-taker
1940 - draft-ietf-xmpp-core: P. Saint-Andre
Overview - changes since last meeting
SASL / TLS
Internationalization
Error handling
How 'core' meets IMPP requirements
2010 - draft-ietf-xmpp-im: P. Saint-Andre
Overview - changes since last meeting
Rosters & subscriptions
Communications blocking
How 'im' meets IMPP requirements
2040 - draft-ietf-xmpp-*prep: J. Hildebrand
2050 - draft-ietf-xmpp-e2e: J. Hildebrand
2110 - draft-hildebrand-xmpp-sdpng: J. Hildebrand
2130 - Break for drinks!

[20:58] <jhutz> oh, just send us a URL to the presentation
[20:58] <lisaDusseault> http://www.jabber.org/ietf/56/psa/
[20:59] <lisaDusseault> There you go!
[20:59] <hartmans> O, I didn't notice that core 05 existed when I wrote
my mail about SASL earlier today.
I think the absence of core 04 in my repository threw me off.
Will read now and reply to mtr on list
[20:59] <hardie> Thanks, Lisa.
[20:59] %% toddp has arrived.
[21:00] %% duerst has arrived.
[21:00] %% pgmillard has arrived.
[21:01] %% lisaDusseault has left.
[21:02] <jhutz> based on the slide, it looks like they're still making the fatal assumption that it's OK to separate authentication and authorization
[21:05] %% es has left.
[21:05] %% perry has arrived.
[21:07] <mrose> slide: XMPP Core: Security
[21:07] <mrose> Issues from the room: If you're going to use TLS for peer-to-peer, you need to explain
what parts of the certificate you examine.

Q: If TLS negotiation has failed, things are typically hosed because
TLS implementations will probably read more than you
want. (beyond just the TLS error.)

[21:10] <mrose> folks - i can't both scribe here and take the minutes... if someone wants to scribe here, please do so...
[21:11] <hartmans> But basically my question is whether you get anything from TLS. It seems dialback may be sufficient.
[21:15] <hartmans> I can't believe I'm arguing for dialback
[21:17] %% paf has arrived.
[21:17] <hartmans> jis points out that dialback gives you uniserval connectivity between servers; we don't want to give that up
[21:18] <hartmans> perry Points out that TLS is useful for encryption even in case where no auth happens
[21:19] %% pgmillard has left.
[21:19] %% pgmillard has arrived.
[21:19] %% duerst has left.
[21:19] %% duerst has arrived.
[21:20] <perry> the fun part of this is, we're all really generally in agreement
[21:20] <perry> but we're in danger of not doing what we agree on.
[21:21] <duerst> [this is a test, sorry]
[21:21] <duerst> [this is a real test, with some Japanese:
[21:22] * mass can't remember what that says ;-)
[21:23] <mass> oh, duh
[21:24] <jhutz> ==perry
[21:24] <perry> I think ekr is correct
[21:24] <perry> I do not think the dialback system actually adds security over no dialback, at least if you analyze it.
[21:25] <hartmans> I think ekr is correct in that if people cannot justify dialback it should be dropped.
[21:25] <hartmans> Perhaps we should ask jis to support dialback.
[21:25] <hartmans> Or arther ask jis to write up pro-dialback arguments
[21:27] <perry> are we done with the security discussion? I need to get to v6....
[21:27] <mrose> yes
[21:27] <perry> okay. cool.
[21:27] <perry> see y'all later.
[21:27] <mrose> ciao
[21:27] %% perry has left.
[21:29] <pgmillard> seems like we can just layer lang. negotiation into some "on top" of xmpp.
[21:29] <pgmillard> + protocol :)
[21:29] %% fsolensky has arrived.
[21:31] %% warlord has arrived.
[21:36] %% ekr has arrived.
[21:37] %% rob has arrived.
[21:37] <paf> Regarding the URN, AD's (Ted+paf) will resolv the issue by talking with mr URN, Michael Mealling. It will be resolved. Don't bother thinking about it.
[21:38] <ekr> maybe we should just generate urns by generating random 160-bit strings.
[21:38] <hardie> Replay attack?
[21:39] <warlord> Oh, great, so after 2^80 URNs we get a birthday paradox?
[21:39] <ekr> Yep. That's what makes it fun.
[21:40] <hartmans> Much sooner the way most people do PRNGs
[21:42] <pgmillard> moving on to -IM draft deltas.
[21:43] <pgmillard> * lots more detail about presence/roster interactions
[21:43] <pgmillard> * bring error handling up to -CORE draft
[21:43] <pgmillard> * privacy list stuff.
[21:44] <pgmillard> open issues from 2779:
[21:44] <pgmillard> 5.1.3 - unauthenticated subscriptions
[21:44] <pgmillard> 5.1.4 - verifying accurate receipt by subscriber
[21:45] %% TonyHansen has arrived.
[21:52] <hartmans> ANd hear we see that IMPP could have benefited from security language
[21:55] <pgmillard> moving on to *prep stuff by Joe Hildebrand
[21:55] <warlord> Yes, it definitely could have..
[22:08] %% rob has left.
[22:08] %% pgmillard has left.
[22:08] %% rob has arrived.
[22:08] %% jhutz has left.
[22:09] %% hardie has left.
[22:09] %% fsolensky has left.
[22:09] %% rjs3 has left.
[22:10] %% warlord has left.
[22:14] %% rob has left.
[22:19] %% mrose has left.
[22:23] %% hartmans has left.
[22:30] %% avshalom has arrived.
[22:30] %% mass has left.
[22:30] %% toddp has left.
[22:39] %% avshalom has left.
[23:09] %% ghewgill has left.
[23:13] %% ekr has left.
[23:15] %% enger has arrived.
[23:16] %% enger has left.
[23:16] %% duerst has left.
[23:21] %% paf has left.